www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
11 June 2007  

Updates

A compilation of the latest information about viruses and worms, security issues and patches to rectify the same

Symantec update crashes Chinese computers

A flawed signature update caused Symantec’s Norton anti-virus product to mistake Windows components for malware.

The Norton AntiVirus product from Symantec picked up a bad update file on May 17. In turn, thousands of Windows users found their machines crippled by the new signatures, Chinese publication Xinhua reported.

On updated computers, the update file pegged a couple of vital components, netapi32.dll and lsasrv.dll, as malicious content, and Norton diligently wiped them. This resulted in systems crashing, with the problems recurring after rebooting.

A company spokesman cited in the report said that Symantec was working on a solution to the issue. The machines affected by last week’s update are Windows XP systems running Microsoft’s Simplified Chinese version of that operating system with Norton AntiVirus installed. Several installations of that combination exist in China and most systems falling victim are grabbing the bad update file.

Malware: Most Recent
IRC.Badbunny
W32.Danber
W32.Drom
SB.Badbunny
W32.Rahiwi.B
VBS.Lido
W32.Autosky
VBS.Lido!html
W32.Amend.A@mm
W32.Posse
Source: Trend Micro

USB Worm has a taste for Firefox, YouTube

Firefox, YouTube and even Google’s Orkut social utility site are the focus of attention from a worm that spreads to machines from USB drives.

A USB worm found by FaceTime’s research team has been discussed by Chris Boyd, known to security pros as Paperghost.

USB drives are the 21st Century equivalent of the floppy disk, and they are proving just as troublesome when it comes to spreading malware.

Boyd showed that the USB worm variant uses an autorun.inf file to spread onto a machine once the drive is connected. This variant puts up annoying messages when someone launches the Firefox browser, which the worm then closes.

In addition, even switching to Internet Explorer to connect to Orkut or YouTube brings up similar messages about which state the site has been banned in. Boyd also revealed how some of the files associated with this worm are designed to look like .exe files on the desktop.

Google under EU scanner

According to EU advisors, Google is violating European Union privacy laws by storing user information on customer queries for prolonged periods of time.

An independent European Union committee has been set up and has begun an investigation to determine whether Google follows the privacy guidelines set by the EU.

This 28-member panel, which advises the European Commission and EU governments on data protection issues, is demanding that Google address concerns about its practice of storing and retaining user information for up to two years.

The information preserved by Google includes items such as any search terms typed, addresses of the Internet servers, and personal information contained on identifier programs, better known as cookies.

The standard information is retained from everyone who uses the search engine, but privacy groups are now concerned the data is being used to create profiles.

In Europe and the United States, regulators are claiming that Google, as well as rivals Microsoft and Yahoo, might be violating Internet users' civil liberties by using stored information for a click-based advertising model.

In recent times, this California-based company purchased online advertiser DoubleClick for $3.1 billion.

Although Google has initiated personalisation efforts, it's an industry-wide issue. It is not only Google, but because of their size and popularity, they have been at the centre point of this debate.

Google is expected to respond to the charges before the June meeting of the advisory group.

According to Google, respecting user privacy and balancing a number of important factors, such as maintaining security and preventing fraud and abuse, are important aspects of its commitment.

The EU move comes due to a consumer group's request to the Federal Trade Commission for an investigation of Google's privacy protection policies, which was spurred by its proposal to buy DoubleClick.

Google is often a target because of the amount of information the company has amassed, and people are starting to worry that its footprint is too big and it has become too powerful.

Google has been responsive to those concerns. In March, it cut the time it keeps users' data on Web searches to between 18 and 24 months, Sterling pointed out, but that might not be enough to keep regulators off its back.

Report slams FBI network security

The Government Accountability Office, the US federal government’s watchdog agency, released a report critical of the FBI's internal network, asserting it lacks security controls adequate to thwart an insider attack.

In the report, titled “Information Security: FBI Needs to Address Weaknesses in Critical Network,” the authors, Gregory Wilshusen, GAO’s director of information security issues, and Chief Technologist Keith Rhodes, said the FBI lacks adequate network security controls.

The bureau, which had the opportunity to review the GAO’s findings before publication, responded that it wasn’t arguing with some of the technical observations expressed in the GAO report, but disagreed that the FBI is open to unacceptable risk of an insider attack.

The GAO report also criticised FBI network security in other regards, saying that there was a lack of encryption to protect sensitive data and patch management wasn't being done in a timely manner.

The GAO's analysis of the FBI internal network had been requested by Rep. James Sensenbrenner, chair of the Judiciary Committee in the U.S. House of Representatives.

New Vulnerability found in Opera

A vulnerability has been discovered in Opera, which can be exploited to compromise a user's system.

The vulnerability is caused by a boundary error in the handling of certain keys in torrent files and can be exploited to cause a stack-based buffer overflow when a user right-clicks a malicious torrent entry in the transfer manager.

While the vulnerability is confirmed in version 9.20 for Windows, other versions may also be affected.

Cross platform OpenOffice virus

In order to demonstrate a way to infect Windows, Linux and Mac OS X systems with a single script, a virus writer has written a proof-of-concept OpenOffice document.

The virus, dubbed BadBunny by antivirus firm Sophos, is a script embedded in an OpenOffice Draw file that performs different actions based on the host's operating system. For Windows users, the program drops a file for the instant messaging client mIRC that attempts to spread the virus. On Mac OS X, the program places two Ruby scripts that attempt to propagate the file, and on Linux machines, BadBunny drops scripts written in Python and Perl to copy itself to other systems.

The program, which has not been seen in the wild, seems unlikely to spread, said Graham Cluley, senior technology consultant for Sophos.

One of the senior technology consultants feels that the group responsible for writing the BadBunny malware doesn't seem to have much confidence in it spreading since they have sent it directly to Sophos Lab.

This virus is not the first to target OpenOffice. A year ago, a group of virus writers had sent the Stardust OpenOffice virus to antivirus companies. OpenOffice does not attract many attacks, so online thieves have started exploiting flaws in Microsoft's Office software to create attacks aimed at infiltrating computer systems within government agencies and corporations.

The latest proof-of-concept virus for OpenOffice poses little risk to users. According to Sophos, it received its name from the files it attempts to create during infection as well as a pornographic picture involving a man in a bunny suit.

 


© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.